Feature

Privacy Policies and Practices with Cloud-Based Services in Public Libraries

An Exploratory Case of BiblioCommons

Katie Chamberlain Kritikos (kritikos@uwm.edu), PhD Student, UW-Milwaukee School of Information Studies

Michael Zimmer (zimmerm@uwm.edu), Associate Professor, UW-Milwaukee School of Information Studies

Public libraries are increasingly turning to cloud-based and Library 2.0 solutions to provide patrons more user-focused, interactive, and social platforms from which to explore and use library resources. These platforms—such as BiblioCommons—often rely on the collection and aggregation of patron data, and have the potential to disrupt longstanding ethical norms within librarianship dedicated to protecting patron privacy. This article reports on the results of a pilot research study investigating how libraries are implementing third-party cloud computing services, how these implementations might impact patron privacy, and how libraries are responding to these concerns. The results of this research provide insights to guide the development of a set of best practices for future implementations of cloud-based Library 2.0 platforms in public library settings.

Introduction

Public libraries are increasingly turning to cloud-based and Library 2.0 solutions to provide patrons more user-focused, interactive, and social platforms from which to explore and use library resources while taking advantage of new opportunities for cost savings, flexibility, and enhanced data management (Casey and Savastinuk 2007; Courtney 2007; Casey and Savastinuk 2006). These third-party cloud services provide robust solutions to help libraries deliver resources, services, and expertise efficiently while also encouraging patrons to share information and participate in a platform that empowers them to socialize and leverage the power of a large community of users (Breeding 2011; Goldner 2010). Examples of cloud-based Library 2.0 platforms for libraries include OCLC WorldShare, Ex Libris Alma, and BiblioCommons.

Alongside the growth in cloud-based platforms to deliver library services, patrons are increasingly encouraged to participate in their integrated social and Web 2.0 features, ranging from maintaining user profiles, to creating lists of books, to sharing comments with other users, among others. Many such platforms also aggregate patron usage and activity data to fuel algorithmic filtering, provide personalized content and recommendations, and help identify and analyze trends. While librarians have historically engaged in professional practices that limit retention of patron data and protected confidentiality, such as limited tracking of user activities, having short-term data retention policies, and fostering the anonymous browsing of library materials (Morgan 2006; Gorman 2000), many Library 2.0 platforms are largely based on the tracking, collection, and aggregation of user data. Libraries are thus faced with balancing the use of cloud computing in libraries and its potential to disrupt longstanding ethical norms within librarianship dedicated to protecting patron privacy (Zimmer 2013a, 2013b).

This article reports on the results of a pilot research study investigating how libraries are implementing third-party cloud computing services, how these implementations might affect patron privacy, and how libraries are responding to these concerns. Focusing on thirty-three libraries who have implemented the BiblioCommons cloud-based discovery layer to manage their collections, this study assesses whether the participating libraries modified their privacy policies after launching the new Library 2.0 platform and how any potential effects to privacy were communicated to patrons. The results of this research provide insights to guide the development of a set of best practices for future implementations of cloud-based Library 2.0 platforms in public library settings.

Library 2.0: Technology and Privacy in Libraries

Patron Privacy and Librarian Ethics

Privacy is a necessary ingredient for achieving and protecting intellectual freedom because it forms the bedrock for an individual’s right to read and to receive ideas and information (Richards 2015, 2013). As former Supreme Court Justice Louis Brandeis found in his dissenting opinion in Olmstead v. United States, “The right to be left alone—the most comprehensive of rights, and the right most valued by a free people” (Olmstead v. U.S. 1928). Only when an individual is assured that her choice of reading material does not subject her to reprisals or punishment can she fully enjoy the freedom to explore ideas, weigh arguments, and decide for herself what she believes (Richards 2015, 2013; see ALA 2016). Such freedoms are threatened in an atmosphere in which library use is monitored and individual reading and library-use patterns are available to anyone without permission (Zimmer 2013a, 2013b).

To address privacy issues in US libraries, a set of “librarian ethics” has emerged from documents and ethical frameworks that the American Library Association (ALA) has refined and codified over time (see Magi and Garnar 2015). Ensuring the free and unfettered access to information is a cornerstone of the librarian profession enshrined in the ALA’s Code of Ethics. Initially adopted at the ALA’s midyear meeting in 1939, the Code of Ethics establishes general policies to guide ethical decision making in libraries (ALA Council 2008). The ALA also adopted the Library Bill of Rights in 1939, creating a formal policy statement on intellectual freedom that entitles everyone to free thought and expression and to the free access of library materials (Magi and Garnar 2015). In response to the changing global political environment at that time, the Library Bill of Rights outlined three policy statements to ensure free and open access to public library services: (1) library materials should be selected on the basis of their value and intrinsic interest to the community, not on the authors’ race, nationality, political, or religious views; (2) library materials should “fairly and adequately” represent all sides of social issues; and (3) library meeting rooms should have a democratic open-use policy to provide equal access to all community groups (Magi and Garnar 2015).

From the moment that the ALA adopted the Library Bill of Rights, intellectual freedom defined the library’s role as a forum for uninhibited intellectual inquiry and debate (Magi and Garnar 2015). Revisions to the policy followed as libraries faced challenges to intellectual freedom during the politically and socially tumultuous years between 1939 to 1969 (Magi and Garnar 2015), culminating in today’s strong statement of six policies that express both the rights of library users to intellectual freedom and the expectations that the ALA places on libraries to support their users (ALA Council 1996). Patron privacy and intellectual freedom, however, are perennially challenged, such as through government attempts to gain access to patron records (see Foerstel 2004; Doyle 2003; Foerstel 1991; Kennedy 1989; McFadden 1987). In response, the ALA has continually reaffirmed its commitment to protecting these values, issuing policy statements like Confidentiality of Personally Identifiable Information about Library Users (ALA Council 2004) and Privacy: An Interpretation of the Library Bill of Rights (ALA Council 2014).

Complementing the ALA’s policy responses to intellectual freedom and privacy threats, librarians and libraries often take action to protect patron privacy and confidentiality, including destroying patron reader records, destroying internet access logs daily, posting warning signs, offering patron education on privacy issues, and abandoning plans to use new technology that profiles the reading habits of patrons and informs them when works they may enjoy are published (Murphy 2003; Sanchez 2003). Indeed, librarians have a rich history of protecting patron privacy, fighting to ensure that the democratic ideal of intellectual freedom survives such challenges to the privacy and confidentiality of patrons’ information-seeking activities (Zimmer 2013a, 2013b). For example, Louise Robbins, a historian of ALA policy responses to intellectual freedom threats, has argued that the Library Bill of Rights and related ALA policies grant librarians both the responsibility and the tools to defend the right of readers to freedom of inquiry, which established a “zone of autonomy” for librarians to perform their duties (Robbins 1991, 360). Such a zone of autonomy also naturally extends to library patrons, who traditionally count on libraries to provide the freedom to read, inquire, and learn without undue oversight or threats of surveillance. Web 2.0, Library 2.0, and the use of technology in libraries, however, complicate the existing privacy norms and expectations within the library context.

Introducing Web 2.0 and Library 2.0

In general, “Web 2.0” refers to second-generation websites and services whose design and functionality encourage user interactivity, collaboration, and user-generated and -driven content (Rustad 2016; Casey and Savastinuk 2007; Courtney 2007). Examples of Web 2.0 websites that enable “users to work collaboratively” and increase the “scope of synchronous communications” (Rustad 2016, 20) include Wikipedia, YouTube, and Facebook. Web 2.0 transcends technology to capture the zeitgeist of modern ideas, behaviors, and ideals (see Allen 2008). It represents a blurring of the boundaries between web users and producers, consumption and participation, authority and amateurism, play and work, data and the network, and reality and virtuality (Zimmer 2008). In short, Web 2.0 suggests that everyone can and should use new internet technologies to organize and share information and to interact within communities by harnessing the power of collaboration and social networks to celebrate and empower the individual (Zimmer 2008).

Following the democratic trend of social interaction and collaboration, “Library 2.0” brings the ideology of Web 2.0 into the library. Librarian Michael Casey (2005), who originated the term Library 2.0 in 2005, defines the concept as user-centered change that gives library users a participatory role in the design of physical and virtual library services. At the time of Library 2.0’s inception, library scholars and practitioners grappled with the exact definition of the phenomenon (see, e.g., Boxen 2008; Evans 2008; Farkas, 2007; Lankes et al. 2007; Murley 2007; Maness 2006; Bingsi and Xiaojing 2006). Even without a standard definition, however, the literature reflects a consensus that the implementation of Library 2.0 technologies and services means bringing interactive, collaborative, user-centered, and web-based technologies to the library (Casey and Savastinuk 2007; Courtney 2007; Casey and Savastinuk 2006).

Examples of Library 2.0 technology related to OPACs and discovery layers include

To participate in and benefit from the Library 2.0 services in these examples, library patrons may have to create user accounts, divulge personal interests and intellectual activities, and risk the tracking and logging of their library activities and personal data (Zimmer 2013a, 2013b). Hence, launching Library 2.0 features challenges traditional librarian ethics regarding patron privacy discussed above (Casey and Savastinuk 2006; Litwin 2006).

Library 2.0 Ten Years Later

A review of more recent library and information science literature expands the Library 2.0 discussion in both scholarly and professional circles, starting with its purpose and function (see Huvila et al. 2013; Kwanya, Stilwell, and Underwood 2012; Anttiroiko and Savolainen 2011). Anttiroiko and Savolainen (2011) study how public libraries adopt Library 2.0 technologies to revitalize their offered services, identifying the main goals of using new technologies as communication, content sharing, social networking, and crowdsourcing.

While scholars find the continued and increasing prevalence of Web 2.0 technology in public libraries (Mannheimer, Young, and Rossmann 2016; Deodato 2014), Library 2.0 has now been introduced into academic libraries (Hess, LaPorte-Fiori, and Engwall 2015; Boateng and Liu 2014; Mahmood and Richardson 2013). There is also growing international treatment of Web 2.0 and Library 2.0 in the literature of countries such as Malaysia (Abidin, Kiran, and Abrizah 2013); Pakistan (Arif and Mahmood 2012); Africa (Lwyoga 2013); international cities (Mainka et al. 2013); and Poland (Wójcik 2015), to name a few. Additionally, a 2015 study investigated the use of social media tools to enhance library inclusion and outreach activities by comparing Web 2.0 implementation in Greater China, Switzerland, the United States, the United Kingdom, Australia, and New Zealand (Abdullah et al. 2015).

Despite the increasing use of Library 2.0, Kwanya et al. (2012) lament the lack of cohesion in standards for its implementation and management, concluding that libraries will have to adopt and adapt new technology based on the context of their unique communities. Huvila et al. (2013) find that the new technological skills required of traditional librarians can disrupt their work identity and confidence. What’s more, librarians can also lack proper education in new technologies (Huvila et al. 2013) and the libraries themselves often do not have suitable privacy policies that cover patron privacy and confidentiality (Hess et al. 2015; Lambert, Parker, and Bashir 2015; Al-Suqri and Akomolafe-Fatuyi 2012; Magi, 2010). Both issues demonstrate the literature’s continued treatment of privacy and librarian ethics (see Breeding 2016a; Campbell and Cowan 2016; Gressel 2014; Lambert et al. 2015; Lilburn 2015).

In addition to the above concerns, many authors highlight the prevalence of digital privacy and security issues in the modern library. Current Library 2.0 privacy issues range from privacy and security in digital libraries (Al-Suqri and Akomolafe-Fatuyi 2012) to privacy and security for now-typical library software like discovery layers (Breeding 2016a, 2016b). One example is protecting privacy when patrons from marginalized or underrepresented groups, such as the lesbian, gay, bisexual, and transgender community, use library services to research private, personal matters (Campbell and Cowan 2016). Related to privacy and security, Lilburn (2015) points out the sobering fact that companies that own many of the Web 2.0 tools used in libraries track and monitor user behavior for their own profit, as well as that commercial social media can empower governments and corporations. On a related note, a 2015 study by Lambert et al. finds that while the increased use of digital vendors provides enhanced Web 2.0 services, such use threatens patrons’ privacy and intellectual freedom because these vendors have access to patrons’ personal information (see also Magi, 2010).

Also of note is the broader philosophical discussion regarding Library 2.0, technology, and privacy (see Ard 2016, 2014; Hoffmann 2016; Mathiesen 2015; Magi 2011). In light of the increasing use of advanced information and communication technologies in Library 2.0, Hoffmann (2016) applies the value of self-respect from moral and political philosophy to librarians and scholars interested in social justice issues as a foundation for libraries’ protection of patron privacy and intellectual freedom. Continuing the social justice trend, Mathiesen (2015) finds that privacy and intellectual freedom are increasingly thought of as human rights in the global information age. Library and information science plays a central role in facilitating communication about human rights (Mathiesen 2015). More specifically, Ard (2014) expresses concern with the surveillance and collection of patron activity and data by third-party digital content vendors. Because the traditional library privacy regime does not restrict what third-party digital service provider can do with this data, libraries should extend the privacy of reader records to all types of data practices to protect intellectual privacy from unwanted surveillance by digital intermediaries (Ard 2016, 2014).

This need for protection from unwanted surveillance by digital intermediaries inspired Gressel (2014) to argue that many librarians have neglected digital privacy issues in their rush to integrate Web 2.0 technologies into their libraries and to advocate the protection of patron privacy over the implementation of Web 2.0 technologies. And while it may be easy to dismiss privacy as no longer relevant, especially to the younger generation (Gressel 2014), Magi draws on interdisciplinary scholarship ranging from law to psychology to philosophy, among others, to offer fourteen compelling reasons why privacy still matters to individuals and to society in three categories: “(1) benefits to the individual, (2) benefits to personal relationships, and (3) benefits to society” (Magi 2011, 198). In light of the growing tension between protecting privacy and intellectual freedom and the advancement and application of new technologies in libraries, librarians must adopt a broad understanding privacy (Magi 2011).

Library 2.0 and privacy also see an expanded discussion and increasing treatment in professional circles focusing on the dual role of libraries as the providers of information and the protectors of patron privacy. Statements and tools from the ALA include 2014 updates to Privacy: An Interpretation of the Library Bill of Rights (ALA Council 2014) and the Privacy Toolkit (ALA IFC 2014), as well as 2016 updates to the variety of privacy guidelines issued by the Privacy Subcommittee of the Intellectual Freedom Council (ALA IFC 2016a, 2016b, 2016c). Additionally, the Trend Report (IFLA 2013) and Trend Report Update (IFLA 2016) from the International Federation of Library Associations and Institutions identify privacy and technology as the chief trends shaping and transforming the information ecosystem.

Finally, nonprofit organizations like the Library Freedom Project (2017), a partnership of librarians, technologists, attorneys, and privacy advocates, strive to address the increasing problems of surveillance and promote intellectual freedom in libraries. All of these organizations demonstrate an awareness of the possibilities and pitfalls of the increasing use of Web 2.0 technology and a growing concern over surveillance in libraries. The overall message focuses on the need for education about surveillance threats, user privacy rights, and library responsibilities to upholds intellectual freedom and privacy. The goal is to ensure the pursuit of free, open inquiry by library patrons and to combat surveillance.

Context for the BiblioCommons Study

The above review of the recent scholarly and professional literature reveals a moderate increase in attention to privacy and security in Library 2.0 over the past decade. Libraries have been slow to integrate Library 2.0 platforms—and to update their privacy policies (Hess et al. 2015)—and so privacy, confidentiality, and related ethical concerns remain largely unresolved. For example, adopting the research methodology and analysis used by Magi (2010) to review the privacy policies of library vendor licenses, Lambert et al. (2015) studied the privacy policies of the top five digital content vendors at the time (Axis 360, Hoopla, OneClickDigital, OverDrive, and Zinio) to determine whether the policies (1) met the privacy standards of the American Library Association Code of Ethics, (2) met the Fair Information Practices (FIP) standards of American industry, and (3) were accessible and understandable to public library patrons (Lambert et al., 2015). The study found that while the digital content vendors largely complied with the FIP standards, their privacy policies failed to meet the heightened privacy standards of librarian ethics. Thus the increased use of digital content vendors to provide enhanced Web 2.0 services in public libraries threatens the privacy and intellectual freedom of patrons because the vendors have access to patrons’ personal information (Lambert et al., 2015).

To further explore the protection of patron privacy and the implementation of Library 2.0 services, the current study investigates the relationship between the implementation and use of BiblioCommons, a cloud-based discover layer, and the privacy policies in participating public libraries.

Case Study: BiblioCommons

Drawing from a sample of the US public libraries that licensed the BiblioCommons software as of January 2015, this study investigates whether—if at all—libraries have modified their privacy policies and practices upon implementation of the Library 2.0 platform. As public libraries continue using Library 2.0 services from third-party vendors like BiblioCommons, refining and tailoring policies to new technology is critical for protecting patron privacy in the digital age. Through this analysis of privacy policies from the participating public libraries, we are better positioned to recommend best practices for library privacy policies in the era of Library 2.0.

What Is BiblioCommons?

BiblioCommons is a Canadian company that develops and hosts cloud-based software solutions for public libraries, allowing partnering libraries to enhance their traditional online public access catalog (OPAC) with a dynamic, integrated, and social discovery layer. According to the BiblioCommons website, the company’s goal is “to help public libraries deliver the same kind of rich discovery and community connection experiences online that the library has always delivered in its branches—all built around the heart of the library: its collections” (BiblioCommons 2016a). At the time of this study in January 2015, there were thirty-four participating libraries in the United States, presented in table 1. As of October 2016, BiblioCommons has fifty-three participating public libraries in the United States, as well as libraries in Canada, Australia, and New Zealand (BiblioCommons 2016c).

BiblioCommons Products and Information Flows

The BiblioCommons software product is a fully managed and integrated online solution that combines the public library’s circulation and cataloguing scheme, branding, etc.; the BiblioCommons connectors, code, servers, security, upgrades, updates, and support; and the worldwide community of users contributing ratings, reviews, and lists of books, movies, and more (BiblioCommons 2016b).

The main BiblioCommons software product is Biblio­Core. To further the company’s goal to be the “center of online discovery and connection” (BiblioCommons 2016a), BiblioCore replaces the public library traditional OPAC’s account management and search functions, allowing public library staff and patrons to search the catalog, brose and explore the online stacks, and borrow materials via online user accounts. To complement BiblioCore, Biblio­Commons also offers BiblioMobile, a mobile application, and BiblioWeb, an interactive, integrated website and content management tool.

The BiblioCommons environment encourages users to create their own personal collections and reading guides that lay the foundation for engagement with the library and fellow readers in various ways. The social features of the BiblioCore software include “a common platform that aggregates the shared expertise, opinions and recommendations of staff and customers alike across all libraries, and integrates those contributions back into the local catalog in intelligent ways” (BiblioCommons 2016a). It harnesses the “power of the local OPAC as a gateway to broad participation and engagement” that brings the traditional OPAC into the world of Web 2.0, making the interface more social and interactive for public library patrons (Biblio­Commons 2016a; Scardilli 2015). Other social features include sharing reading experiences with others, to rate and review material and to create private or shared lists of titles.

Patrons access the BiblioCommons discovery layer through their home library’s website, typically in a seamless fashion. For example, when users browse the Boston Public Library website and click on “BPL Catalog,” they are routed to BPL’s collection hosted on the Biblio­Commons platform, maintaining the general branding and design scheme of the main BPL website. From the customized BiblioCommons platform site, patrons can browse items, read comments from other patrons, rate books, share items, and engage in other related social activities. The standard template for the BiblioCommons web interface includes a terms of use and privacy statement at the bottom of each page (see appendix A and appendix B, respectively).

Library patrons may search the library catalog anonymously via the BiblioCommons platform, but they must create an account to use other services, such as placing a hold request or saving a title for later. They must, however, create a separate account to access the full functionality of the BiblioCommons platform, which requires providing BiblioCommons their library card number, PIN and borrower ID, name, birth month and year, and email address. When used by a logged-in patron, BiblioCommons collects the patron’s browsing activity on the platform, which can then be associated to the patron’s account. As detailed in the “Personal Information” section of the BiblioCommons privacy statement (appendix B), BiblioCommons secures and encrypts all personal information provided by the user during the registration process and does not share information or activity with ad networks or other entities that are not directly involved in the library’s services: “Information in your BiblioCommons account that personally identifies you is encrypted and stored in a secured facility.” Users can access their borrowing activity (current or recent loans, due dates, fines, etc.) within BiblioCommons, but the platform does not automatically store that information within a user’s account. Rather, it merely is pulled from the library’s separate circulation system for display. Patron content created through the “Shared Content” features, such as providing book reviews, ratings, or creating shared lists or collections, is linked to a patron’s BiblioCommons account.

Reactions to BiblioCommons in the Library Community

While BiblioCommons remains small, it is growing, and the library world has noticed. An early adopter of BiblioCommons, the New York Public Library expressed the excitement of partnering with the new software company “to completely transform its current online catalog, making it easier to discover the Library’s vast collections while also giving users the power to create reading lists, rate the latest books, and organize groups” (NYPL 2011).i More recently, a 2015 review in Information Today highlights BiblioCommons’ sophisticated search function that is akin to that of Google or Amazon: “The search function offers natural language detection, full native Unicode support, auto-suggest for misspelled keywords, and limiting through an extended set of facets, as well as relevance-ranked results that adapt to a library’s data and circulation patterns” (Scardilli 2015).

BiblioCommons also received treatment in the American Libraries library report for 2016. In the section on public libraries, the report noted that “the public library technology sector had a relatively quiet year in 2015 with a steady churn of libraries shifting to alternative ILS [integrated library system] products in a competitive environment characterized by marginal differentiation” (Breeding 2016b). One such alternative ILS product is Biblio­Commons, which, despite its growing presence in public libraries, has been slow to catch on in some communities. For example, the Columbus (OH) Metropolitan Libraries rolled out their new BiblioCommons website in January 2016 (Narciso 2016). As of April 2016, only about 84,000 people, or 16 percent of the system’s 500,000 library cardholders, had signed up for BiblioCommons accounts (Narciso 2016).

Further, while most librarians recognize how services like BiblioCommons can greatly improve the delivery of library services and enhance patron activities, the increased need for the tracking, collecting, and potentially retaining of data about patron activities presents a challenge to the traditional librarian ethic regarding patron privacy (Zimmer 2013b; Litwin 2006). Such concerns are evident in numerous reports of community reactions to new implementations of BilblioCommons in local libraries (see, e.g., Narciso 2016; Warfield 2015; Greiner 2013; Breeding 2011). For example, Narciso (2016) reports that when BiblioCommons launched at the Columbus Metropolitan Libraries, “aversion to change” discouraged library patrons from signing up for an account: only “about 84,000 cardholders—just 16 percent of the system’s more than 500,000 cardholders—signed up, surprising some library officials.” Additionally, Warfield (2015) cited patrons’ privacy concerns with the implementation of Biblio­Commons at the San Francisco Public Library stemming in large part from the library’s “long history of making decisions without public input.”

Research Methodology

In light of these concerns about patron privacy and the use of third-party Library 2.0 services, this study investigated whether—if at all—libraries have modified their privacy policies and practices upon implementation of the BiblioCommons platform. Specifically, the study sought answers to these exploratory research questions:

RQ1: Did participating public libraries adjust their privacy policies upon implementing BiblioCommons services?

RQ2: Did participating public libraries adjust their privacy practices upon implementing BiblioCommons services?

RQ3: Did participating did libraries communicate with patrons regarding privacy implications of the BiblioCommons service?

The research design for this study was to engage in a document analysis of materials acquired from libraries using the BiblioCommons cloud-based discovery layer software. Purposive sampling was used to target the thirty-four U.S. public libraries using BiblioCommons at the time of initial data collection (January 2015). Open records requests were sent to each participating library requesting the following documents:

  1. all contracts, agreements, or related legal/vendor documents the public library might have with BiblioCommons
  2. all internal policies, documented procedures, or other materials related to the initial installation and continued implementation of BiblioCommons products and services
  3. all notices provided to patrons related to the library’s collection and use of patron data, including the library’s privacy policy (if extant)

A sample of the open records request is attached to this report as appendix C.

Thirty-three of the thirty-four participating public libraries responded to the records request, with thirty-two of the respondents providing materials.ii Materials received included library subscription agreements with Biblio­Commons, internal BiblioCommons implementation documents, library privacy policies, and related items. One of the weaknesses of requesting documents from participating public libraries, even via an open records request, was the lack of, or the incompleteness of, the information received. Upon a preliminary assessment of the comprehensiveness of materials received, we used online sources like the BiblioCommons website, participating public library websites, and the Internet Archive Wayback Machine to retrieve missing documents and locate historical versions of received materials.

After collecting the, we conducted a document analysis (Bowen 2009) to investigate answers to our exploratory research questions, focusing on a close reading of materials provided as well as comparisons of materials across participating libraries.

Data Analysis

Privacy Policies

Each of the thirty-four public libraries with service agreements with BiblioCommons use the boilerplate BiblioCommons privacy statement (appendix B), made accessible to patrons at the bottom of the discovery layer’s main page. As these privacy policies are located and maintained on the BiblioCommons web servers, all of the policies were the most recent version of the boilerplate (updated January 19, 2015), and none of the language varied across the different partner libraries, save for customization of the library’s name in the opening paragraph and other relevant passages.

Significant variance exists, however, in the privacy policies of the partner libraries themselves. Of the thirty-four participating libraries, thirty-two also had an internal library privacy policy in place in addition to the boilerplate BiblioCommons privacy statement (see appendix B), with two libraries (Central Rappahannock Regional Library and Lawrence Public Library) lacking any general privacy policy available on their website. Of those libraries with privacy policies online, only four linked directly to their internal privacy policies from their websites’ homepages: Central Arkansas Library System, Multnomah County (OR) Library, New York Public Library, and San Antonio Public Library. The remaining libraries made their privacy policies available to patrons elsewhere on their websites, most commonly in the “About the Library” or “Using the Library” sections. Often, the internal privacy policy was buried deep in the library’s website and only accessible after much determined searching. For example, as of the time of this analysis, the Austin Public Library required the following path to access its internal privacy policy: Home > Using the Library > About the Library > Policies and Information > Privacy Statement.

Examining the publication dates of the partner libraries’ internal privacy policies, nearly one-third (nine of twenty-eight with version dates) predate the existence of a contract with BiblioCommons. Further, only eight of the thirty-two libraries’ internal privacy policies analyzed directly reference the use of BiblioCommons third-party services, and its related privacy policies and practices (see table 2).

Privacy Practices

The request for internal policies, documented procedures, or other materials related to the initial installation and continued implementation of BiblioCommons products and services yielded minimal materials for analysis. Most libraries indicated they did not have any internal policies or formal documented procedures related to the use Biblio­Commons, and others simply provided copies of the BiblioCommons installation and training guidelines. We did not receive any information indicating a library implemented or adjusted any internal privacy-related practices in response to the use of BiblioCommons.

In attempting to respond to this request, many libraries provided internal communications and materials to help train library staff on the features and benefits of BiblioCommons, as well as how to communicate with patrons regarding the change. Some of the materials mentioned patron privacy, focusing largely on how to show patrons where the privacy settings are located, or to alleviate general concerns. For example, some training presentations (such as from the Peninsula Library System and the San Francisco Public Library) discussed how patrons could create “Shelves” or “Lists,” and noted the ability to made make such features public or private through the platform’s privacy settings.

Other training documents (Bellingham [WA] Public Library and Chicago Public Library, for example) showed library staff how to guide patrons through the privacy settings of their BiblioCommons account, and another library (Whatcom County [WA] Library) created an internal training wiki that featured a detailed section on privacy and provided sample text on how to reply to patrons’ concerns. Princeton Public Library provided a set of privacy-related “frequently asked questions” (apparently developed by BiblioCommons) to help guide staff responses to concerned patrons.

Communication with Patrons

In response to the request for any communications to patrons related to a participating library’s collection and use of patron data, nearly all libraries provided copies of their internal privacy and confidentiality policies, copies of the BiblioCommons terms of use and privacy statement accessible to patrons from the website, or related policy statements (see “Privacy Policies,” above, for a discussion of privacy policies).

Several libraries provided supplementary communication materials indented to help patrons understand their privacy within the library, broadly. For example, Daniel Boone Regional Library (Columbus, MO) shared its information brochure designed for new patrons, which notes the library’s privacy and confidentiality practices, as did a welcome brochure from the Santa Clara County (CA) Library. Others shared forms used to obtain a library card or create an account, which referred patrons to the library’s existing privacy policies.

Only a few libraries provided communication materials specifically designed to help patrons understand the privacy implications of the new BiblioCommons platform. For example, Greenwich (CT) Library produced colorful bookmarks that highlighted various features of the new discovery layer and included mention of how personalized “Shelves” and “Lists” could be set as private or public; it also referred patrons to the library’s confidentiality policy as well as the BiblioCommons terms of use for more information about how their information might be shared. Greenwich Library also produced screencast tutorials to help walk patrons through the new features, which included tips on making “Shelves” and “Lists” private or public. Other libraries, such as the Portland Public Library and the Seattle Public Library, shared general help and FAQ pages designed to assist patrons when creating and using BiblioCommons accounts, which typically mentioned and linked to the library’s privacy policies as well as the Biblio­Commons privacy statement and terms of use.

Based on the materials received from partner libraries, the most comprehensive communication to patrons regarding the privacy implications of BiblioCommons originated from the New York Public Library. In advance of the implementation of the platform in 2011, the library distributed patron fliers and created a webpage titled “Overview of Privacy Issues for NYPL’s New Catalog,” providing details about the information that will be collected in connection with NYPL’s new discovery layer, as well as a summary of how BiblioCommons and NYPL will use that information. The library also made it clear that users did not have to create accounts or use the Biblio­Commons interface, and it maintained the legacy catalog interface for patrons who didn’t wish to opt into the new platform.

Discussion, Recommendations, and Future Research

Our first exploratory research question was to understand whether participating public libraries adjusted their privacy policies upon implementing BiblioCommons services. The analysis revealed that while eight libraries updated their privacy policies to make specific mention of BiblioCommons, most did not, and nine libraries had policies that have not been updated at all in the time since first contracting with the cloud service provider. This reveals an uneven approach to ensuring that internal policies reflect the technological changes occurring within library services. Our recommendation is that all libraries should adjust their privacy policies to reflect the use of third-party cloud service providers and provide details on how any patron information might be shared, as well as any steps taken to protect patron privacy. Libraries should also ensure privacy policies are easily accessible by patrons, ideally provided directly on the library homepage, which would demonstrate a library’s commitment to making the privacy policies transparent and available to patrons.

The consequences of this oversight are, perhaps, mitigated by the fact that the BiblioCommons platform itself has a separate privacy statement that is automatically displayed on each library’s installation of the service. This policy statement, along with the terms of use, are frequently updated by BiblioCommons and automatically pushed out to all participating libraries so patrons will always see the most recent version. It is uncertain if participating libraries are knowingly relying on the Biblio­Commons privacy policy instead of updating their own, and future research could investigate the motivations behind participating libraries’ approach to their internal privacy policies. There is concern that libraries might begin to rely solely on third-party providers to maintain updated privacy policies, especially since libraries’ historical commitment to patron privacy might not fully align with the interests of third-party technology providers.

Our second exploratory research question sought to understand if participating public libraries adjusted their privacy practices upon implementing BiblioCommons services. We received limited data that was directly responsive to this request and therefore saw little direct evidence that indicated any library implemented or adjusted its internal privacy-related practices in response to the use of BiblioCommons. Some libraries provided training materials in an attempt to show evidence of some form of internal practices and activities related to the launch of Biblio­Commons, and our analysis of these revealed a varied approach to bringing staff up to speed on how users can manage their privacy through BiblioCommons. Not all libraries chose to provide this material (as it was not specifically requested), so a full analysis is not possible.

To better investigate this question of whether libraries changed their data practices in reaction to the use of Biblio­Commons, a more targeted data gathering strategy is necessary, and future research might engage in case studies of specific libraries to gain richer qualitative data from personnel directly involved in the implementation and installation of BiblioCommons.

Our third exploratory research question asked how participating libraries communicated with patrons regarding any privacy implications of the BiblioCommons service. While all libraries make available the BiblioCommons privacy statement that automatically appears on the footer of each webpage on the platform, only a handful provided additional material specifically-tailored to communicate with patrons about the new platform. General tutorials often mentioned how certain social features could be set to private or public, but there was little discussion of the type of information that BiblioCommons itself might have access to regarding patron activities. The best practice came from New York Public Library, who took additional steps to ensure patrons were made aware of the new platform and the data sharing that might occur. Our recommendation is for more libraries to follow this example and provide direct and meaningful communication with patrons about what it means to create an account on the BiblioCommons platform.

This study revealed a mixed approach to addressing patron privacy among the libraries using the Biblio­Commons cloud-based discovery layer. Future research can build from these exploratory questions and home in on the core issues of whether privacy policies are staying up to date, whether libraries are changing their overall data and privacy practices after engaging with cloud-based services, and how (and to what effect) libraries are communicating with patrons regarding any privacy implications. As public libraries continue to rely on Library 2.0 services from third-party vendors like BiblioCommons, refining and tailoring privacy policies and practices is critical for protecting patron privacy in the digital age.

References

Abdullah, N., S. Chu, S. Rajagopal, A. Tung, and Y. Kwong-Man. 2015. “Exploring Libraries’ Efforts in Inclusion and Outreach Activities Using Social Media.” Libri 65, no. 1: 34–47. https://doi.org/10.1515/libri-2014-0055.

Abidin, M. I., K. Kiran, and A. Abrizah. 2013. “Adoption of Public Library 2.0: Librarians’ and Teens’ Perspective.” Malaysian Journal of Library and Information Science 18, no. 3: 75–90. https://www.researchgate.net/publication/287559472_Adoption_of_Public_Library_20_Librarians’_and_teens’_perspective.

Al-Suqri, M. N., and E. Akomolafe-Fatuyi. 2012. “Security and Privacy in Digital Libraries: Challenges, Opportunities and Prospects.” International Journal of Digital Library Systems 3, no. 4: 54–61. https://doi.org/10.4018/ijdls.2012100103.

Arif, M., and K. Mahmood. 2012. “The Changing Role of Librarians in the Digital World.” Electronic Library 30, no. 4 469–79. https://doi.org/10.1108/02640471211252184.

American Library Association (ALA) Council. 1996. “Library Bill of Rights.” http://www.ala.org/advocacy/intfreedom/librarybill.

———. 2004. “Policy Concerning Confidentiality of Personally Identifiable Information about Library Users.” http://www.ala.org/advocacy/intfreedom/statementspols/otherpolicies/policyconcerning.

———. 2008. “Code of Ethics.” http://www.ala.org/advocacy/proethics/codeofethics/codeethics.

———. 2014. “Privacy: An Interpretation of the Library Bill of Rights.” http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/privacy.

American Library Association Intellectual Freedom Committee (ALA IFC), Privacy Subcommittee. 2014. “Privacy Toolkit.” http://www.ala.org/advocacy/privacyconfidentiality/toolkitsprivacy/privacy.

———. 2016a. “Library Privacy Guidelines for Public Access Computers and Networks.” http://www.ala.org/advocacy/library-privacy-guidelines-public-access-computers-and-networks.

———. 2016b. “Library Privacy Guidelines for Library Websites, OPACs, and Discovery Services.” http://www.ala.org/advocacy/library-privacy-guidelines-library-websites-opacs-and-discovery-services.

———. 2016c. “Library Privacy Guidelines for Data Exchange Between Networked Devices and Services.” http://www.ala.org/advocacy/library-privacy-guidelines-data-exchange-between-networked-devices-and-services.

Anttiroiko, A.-V., and R. Savolainen. 2011. “Towards Library 2.0: The Adoption of Web 2.0 Technologies in Public Libraries.” Libri 61, no. 2: 87–99. http://doi.org/10.1515/libr.2011.008.

Ard, B. J. 2014. “Confidentiality and the Problem of Third Parties: Protecting Reader Privacy in the Age of Intermediaries.” Yale Journal of Law and Technology 16, no. 1: article 1. http://digitalcommons.law.yale.edu/yjolt/vol16/iss1/1.

———. 2016. “Librarians as Privacy Advocates.” Journal of Law and Policy for the Information Society 12. Retrieved from http://ssrn.com/abstract=2812703.

BiblioCommons. 2016a. “About Us.” http://legacy.bibliocommons.com/about/about-us.

———. 2016b. “How We Work.” http://legacy.bibliocommons.com/how-we-work/how-we-work.

———. 2016c. “Participating Libraries: United States.” http://legacy.bibliocommons.com/about/participating-libraries/united-states.

Bingsi, F., and H. Xiaojing. 2006. “Library 2.0: Building the New Library Services.” Journal of Academic Libraries 1: 2–5. http://en.cnki.com.cn/Article_en/CJFDTOTAL-DXTS200601002.htm.

Boateng, F., and Y. Q. Liu. “Web 2.0 Applications’ Usage and Trends in Top US Academic Libraries.” Library Hi Tech 32, no. 1 (2014): 120–38. https://doi.org/10.1108/LHT-07-2013-0093.

Bowen, G. 2009. “Document Analysis as a Qualitative Research Method.” Qualitative Research Journal 9, no. 2: 27–40. http://connection.ebscohost.com/c/articles/47652758/document-analysis-as-qualitative-research-method.

Boxen, J. 2008. “Library 2.0: A Review of the Literature.” Reference Librarian 49, no. 1: 21–34. https://doi.org/10.1080/02763870802103597.

Breeding, M. 2011. “New York Public Library Partners with BiblioCommons.” Smart Libraries Newsletter 31, no. 9: 2–4. https://librarytechnology.org/repository/item.pl?id=16143.

———. 2016a. “Issues and Technologies Related to Privacy and Security.” Library Technology Reports: Privacy and Security for Library Systems 52, no. 4: 5–12. https://journals.ala.org/ltr/article/view/5973.

———. 2016b. “Power Plays: Library Systems Report 2016.” American Libraries (blog), May 2. https://americanlibrariesmagazine.org/2016/05/02/library-systems-report-2016/.

Campbell, D. G,. and S. R. Cowan. 2016. “The Paradox of Privacy: Revisiting a Core Library Value in an Age of Big Data and Linked Data.” Library Trends 64, no. 3: 492–511. https://www.ideals.illinois.edu/bitstream/handle/2142/89851/64.3.campbell.pdf?sequence=2.

Casey, M. 2005. “Working Towards a Definition of Library 2.0.” LibraryCrunch (blog), October 21. http://www.librarycrunch.com/2005/10/working_towards_a_definition_o.html.

Casey, M. E., and L. C. Savastinuk. 2006. “Library 2.0: Service for the Next-Generation Library.” Library Journal 131, no. 1: 40–42. https://www.researchgate.net/publication/234619983_Library_20_Service_for_the_Next-Generation_Library.

———. 2007. Library 2.0: A Guide to Participatory Library Service. Medford, NJ: Information Today, Inc.

Courtney, N., ed. 2007. Library 2.0 and Beyond: Innovative Technologies and Tomorrow’s User. Westport, CT: Libraries Unlimited.

Deodato, J. 2014. “The Patron as Producer: Libraries, Web 2.0, and Participatory Culture.” Journal of Documentation 70, no. 5: 734–58. https://doi.org/10.1108/JD-10-2012-0127.

Doyle, C. 2003. “Libraries and the USA PATRIOT Act.” Congressional Research Service Report for Congress RS21441. Washington, DC: Congressional Research Service, Library of Congress. http://www.ala.org/advocacy/sites/ala.org.advocacy/files/content/advleg/federallegislation/theusapatriotact/CRS215LibrariesAnalysis.pdf.

Evans, B. 2008. “Library 2.0: The Consumer as Producer.” Information Today 25, no. 9: 1–54. http://connection.ebscohost.com/c/articles/34584073/library-2-0-consumer-as-producer.

Farkas, M. G. 2007. Social Software in Libraries: Building Collaboration, Communication, and Community Online. Medford, NJ: Information Today.

Foerstel, H. 1991. Surveillance in the Stacks: The FBI’s Library Awareness Program. New York: Greenwood.

———. 2004. Refuge of a Scoundrel: The Patriot Act in Libraries. Westport, CT: Libraries Unlimited.

Goldner, M. R. 2010. “Winds of Change: Libraries and Cloud Computing.” BIBLIOTHEK Forschung Und Praxis 34, no. 3: 270–75. http://docplayer.net/2025170-Winds-of-change-libraries-and-cloud-computing.html.

Gorman, M. 2000. Our Enduring Values: Librarianship in the 21st Century. Chicago: American Library Association.

Greiner, T. 2013. “Hold that Book, But You’re Risking Your Privacy: Guest Opinion.” Oregonian: Oregon Live, July 12. http://www.oregonlive.com/opinion/index.ssf/2013/07/hold_that_book_but_youre_riski.html.

Gressel, M. 2014. “Are Libraries Doing Enough to Safeguard Their Patrons’ Digital Privacy?” Serials Librarian 67, no. 2: 137–42. https://doi.org/10.1080/0361526X.2014.939324.

Hess, A. N., R. LaPorte-Fiori, and K. Engwall. 2015. “Preserving Patron Privacy in the 21st Century Academic Library.” Journal of Academic Librarianship 41, no. 1: 105–14. https://doi.org/10.1016/j.acalib.2014.10.010.

Hoffmann, A. L. 2016. “Privacy, Intellectual Freedom, and Self-Respect: Technological and Philosophical Lessons for Libraries.” In Perspectives on Libraries as Institutions of Human Rights and Social Justice, edited by P. T. Jaeger and J. Bertot, 49–69. Bingley, UK: Emerald. https://doi.org/10.1108/S0065-283020160000041003.

Huvila, I., K. Holmberg, M. Kronqvist-Berg, O. Nivakoski, and G. Widén. 2013. “What is Librarian 2.0: New Competencies or Interactive Relations? A Library Professional Viewpoint.” Journal of Librarianship and Information Science 45, no. 3: 198–205. https://doi.org/10.1177/0961000613477122.

International Federation of Library Associations and Institutions (IFLA). 2013. “IFLA Trend Report.” http://trends.ifla.org/.

———. 2016. “IFLA Trend Report 2016 Update.” http://trends.ifla.org/update-2016.

Kennedy, B. 1989. “Confidentiality of Library Records: A Survey of Problems, Policies and Laws.” Law Library Journal 81, no. 4: 733–67. http://works.bepress.com/aallcallforpapers/51/.

Kwanya, T., C. Stilwell, and P. G. Underwood. 2012. “Library 2.0 Versus Other Library Service Models: A Critical Analysis.” Journal of Librarianship and Information Science 44, no. 3: 145–62. https://doi.org/10.1177/0961000611426443.

Lambert, A. D., M. Parker, and M. Bashir. 2015. “Library Patron Privacy in Jeopardy: An Analysis of the Privacy Policies of Digital Content Vendors.” Proceedings of the Association for Information Science and Technology 52, no. 1: 1–9. https://www.asist.org/files/meetings/am15/proceedings/submissions/papers/98paper.pdf.

Lankes, R. D., J. Silverstein, S. Nicholson, and T. Marshall. 2007. “Participatory Networks: The Library as Conversation.” Information Technology and Libraries 26, no. 4: 17–33. Retrieved from http://www.informationr.net/ir/12-4/colis/colis05.html.

Library Freedom Project. 2017. https://libraryfreedomproject.org/.

Lilburn, J. 2015. “‘Secrets Are Lies’: Academic Libraries and the Corporate Control of Privacy in the Age of Commercial Social Media, a Reading of Dave Eggers’ The Circle.” Paper presented at CAPAL15: Academic Librarianship and Critical Practice, Ottawa, Ontario, Canada, May 31-June 2. http://capalibrarians.org/wp/wp-content/uploads/2015/06/2B_Lilburn_paper.pdf.

Litwin, R. 2006. “The Central Problem of Library 2.0: Privacy.” Library Juice (blog), May 22. http://libraryjuicepress.com/blog/?p=68.

Lwyoga, E. T. 2013. “Measuring the Success of Library 2.0 Technologies in the African Context: The Suitability of the DeLone and McLean’s Model.” Campus-Wide Information Systems 30, no. 4: 288–307. https://doi.org/10.1108/CWIS-02-2013-0011.

Magi, T. 2011. “Fourteen Reasons Privacy Matters: A Multidisciplinary Review of Scholarly Literature.” Library Quarterly 81, no. 2: 187–209. http://scholarworks.uvm.edu/cgi/viewcontent.cgi?article=1004&context=libfacpub.

———. 2010. “A Content Analysis of Library Vendor Privacy Policies: Do They Meet Our Standards?” College & Research Libraries 71, no. 3: 254–72. http://scholarworks.uvm.edu/cgi/viewcontent.cgi?article=1005&context=libfacpub.

Magi, T., and M. Garnar, eds. 2015. Intellectual Freedom Manual, 9th ed. Chicago: American Library Association.

Mahmood, K., and J. V. Richardson. 2013. “Impact of Web 2.0 Technologies on Academic Libraries: A Survey of ARL Libraries.” Electronic Library 31, no. 4: 508–20. https://doi.org/10.1108/EL-04-2011-0068.

Mainka, A., A. Hartmann, L. Orszullok, I. Peters, A. Stallmann, and W. G. Stock. 2013. “Public Libraries in the Knowledge Society: Core Services of Libraries in Informational World Cities.” Libri 63, no. 4: 295–319. https://doi.org/10.1515/libri-2013-0024.

Maness, J. M. 2006. “Library 2.0 Theory: Web 2.0 and Its Implications for Libraries.” Webology 3, no. 2. http://www.webology.org/2006/v3n2/a25.html.

Mannheimer, S., S. W. H. Young, and D. Rossmann. 2016. “On the Ethics of Social Network Research in Libraries.” Journal of Information, Communication and Ethics in Society 14, no. 2: 139–51. https://doi.org/10.1108/JICES-05-2015-0013.

Mathiesen, K. 2015. “Human Rights as a Topic and Guide for LIS Research and Practice.” Journal of the Association for Information Science and Technology 66, no. 7: 1305–22. https://doi.org/10.1002/asi.23293.

McFadden, R. 1987. “F.B.I. in New York Asks Librarians’ Aid in Reporting on Spies.” New York Times, September 18. http://www.nytimes.com/1987/09/18/nyregion/fbi-in-new-york-asks-librarians-aid-in-reporting-on-spies.html?pagewanted=all.

Morgan, C. 2006. “Intellectual Freedom: An Enduring and All-Embracing Concept.” In Intellectual Freedom Manual, 7th ed., edited by C. Morgan, 3–13. Chicago: American Library Association.

Murphy, D. 2003. “Some Librarians Use Shredder to Show Opposition to New F.B.I. Powers.” New York Times, April 7. http://www.nytimes.com/2003/04/07/us/some-librarians-use-shredder-to-show-opposition-to-new-fbi-powers.html.

———. 2007. “What Is All the Fuss about Library 2.0.” Law Library Journal 100, no. 1: 197–204. https://papers.ssrn.com/sol3/papers2.cfm?abstract_id=1022343.

Narciso, D. 2016. “Few Patrons Using Columbus Metropolitan Library’s New Online System.” Columbus Dispatch, April 29. http://www.dispatch.com/content/stories/local/2016/04/29/few-patrons-using-columbus-metropolitan-librarys-new-online-system.html.

New York Public Library. 2011. “The New York Public Library and Bibliocommons Partner to Create a New Innovative, Interactive Online Experience.” Press release, June 20. https://www.nypl.org/press/press-release/2011/06/20/new-york-public-library-and-bibliocommons-partner-create-new-innovati.

Olmstead v. U.S., 277 U.S. 438 (1928) (Brandeis, J., dissenting). https://www.law.cornell.edu/supremecourt/text/277/438.

Richards, N. 2013. “The Perils of Social Reading.” Georgetown Law Journal 101, no. 3: 689–724. https://georgetownlawjournal.org/articles/134/perils-of-social-reading/pdf.

———. 2015. Intellectual Privacy: Rethinking Civil Liberties in the Digital Age. New York: Oxford University Press.

Robbins, L. 1991. “Toward Ideology and Autonomy: The American Library Association’s Response to Threats to Intellectual Freedom, 1939–1969.” PhD diss., Texas Woman’s University, Denton, Texas. https://www.researchgate.net/publication/35558832_Toward_ideology_and_autonomy_the_American_Library_Association’s_response_to_threats_to_intellectual_freedom_1939-1969.

Rustad, M. L. 2016. Global Internet Law in a Nutshell, 3rd ed. St. Paul, MN: West Academic Publishing.

Sanchez, R. 2003. “Librarians Make Some Noise over Patriot Act.” Washington Post, April 10. https://www.washingtonpost.com/archive/politics/2003/04/10/librarians-make-some-noise-over-patriot-act/91bcbbc6-65a6-41d2-855d-d78b4c7945d2/.

Scardilli, B. 2015. “Four Discovery Services to Watch.” Information Today, October 6. http://newsbreaks.infotoday.com/NewsBreaks/Four-Discovery-Services-to-Watch-106716.asp.

Warfield, P. 2015. “Privacy Concerns Abound over BiblioCommons.” Bay Area Reporter, January 15. http://ebar.com/openforum/opforum.php?sec=guest_op&id=497.

Wójcik, M. 2015. “The Use of Web 2.0 Services by Urban Public Libraries in Poland: Changes Over the Years 2011-2013.” Libri 65, no. 2: 91–103. https://doi.org/10.1515/libri-2015-0017.

Zimmer, M. 2008. “Preface: Critical Perspectives on Web 2.0.” First Monday 13 (3). Accessed March 15, 2017. http://firstmonday.org/article/view/2137/1943.

———. 2013a. “Assessing the Treatment of Patron Privacy in Library 2.0 Literature.” Information Technology and Libraries 32, no. 2: 29–41. https://ejournals.bc.edu/ojs/index.php/ital/article/viewFile/3420/pdf.

———. 2013b. “Patron Privacy in the 2.0 Era: Avoiding the Faustian Bargain of Library 2.0.” Journal of Information Ethics 22, no. 1: 44–59. https://doi.org/10.3172/JIE.22.1.44.

———. 2014. “Librarians’ Attitudes Regarding Information and Internet Privacy.” Library Quarterly 84, no. 2: 123–215. https://doi.org/10.1086/675329.


i. At the time of data collection in January 2015, the New York Public Library had a contract with BiblioCommons. Though as of October 12, 2015, the New York Public Library no longer had a library service agreement with BiblioCommons, its inclusion as part of the sample is relevant and instructive to the data collection and analysis at hand.

ii. The New York Public Library declined to provide materials because, as a private, non-profit educational organization, it was not subject to open records laws (Jacqueline F. Bausch, personal communication, January 9, 2015). Its privacy policies were available online.

Table 1. Libraries participating with BiblioCommons

Library

Location

Austin Public Library

Austin, TX

Bellingham Public Library

Bellingham, WA

Boston Public Library

Boston, MA

Central Arkansas Library System

Little Rock, AK

Central Rappahannock Regional Library

Fredericksburg, VA

Chapel Hill Public Library

Chapel Hill, NC

Chicago Public Library

Chicago, IL

CLEVNET

Cleveland, OH

Daniel Boone Regional Library

Columbia, MO

Deschutes Public Library

Bend, OR

Greenwich Library

Greenwich, CT

Johnson County Library

Shawnee Mission, KS

King County Library System

Issaquah, WA

Lawrence Public Library

Lawrence, KS

Multnomah County Library

Portland, OR

New York Public Library

New York, NY

Oceanside Public Library

Oceanside CA

Olathe Public Library

Olathe, KS

Omaha Public Library

Omaha, NE

PAC2 Consortium

Petoskey, MI

Peninsula Library System

San Mateo, CA

Petoskey Library District

Petoskey, MI

Pima County Public Library

Tucson, AZ

Portland Public Library

Portland, OR

Princeton Public Library

Princeton, NJ

Pueblo City-County Library District

Pueblo, CO

San Antonio Public Library

San Antonio, TX

San Francisco Public Library

San Francisco, CA

San Mateo County Library

San Mateo, CA

Santa Clara County Library

Santa Clara, CA

Santa Monica Public Library

Santa Monica, CA

Seattle Public Library

Seattle, WA

Tulsa City County Library

Tulsa, OK

Whatcom County Library System

Bellingham, WA

Table 2. Participating libraries with BiblioCommons reference in privacy policy

Library

BiblioCommons Reference Wording

Policy Type

Greenwich (CT) Library

“Third Party Services and Internet Communications. . . . The Library encourages users to review the privacy policies of all third-party providers. Users who use the Library’s new online public access catalog are encouraged to read the BiblioCommons privacy policy.”

Privacy and Confidentiality of Library Records (April 14, 2015)

Johnson County Library, Shawnee Mission, KS

“Catalog Privacy Statement. Our catalog is provided by Biblio­Commons and with its own distinct Privacy Statement. Upon registration, you agree to Privacy Statement as part of the BiblioCommons Terms of Use.”

Website Policies: Online Privacy (2014, 2016)

Multnomah County Library, Portland, OR

“Third party vendor services. . . . Policies for our discovery software for the on-line catalog: Bibliocommons (MyMCL).”

Privacy and Confidentiality of Library Records (May 7, 2015)

New York (NY) Public Library

“V. Third-Party Partners. . . . Users who use the Library’s new online public access catalog are encouraged to read the BiblioCommons privacy policy as well as this privacy overview.”

Privacy Policy (October 21, 2011)

* No BiblioCommons contract as of October 12, 2015

New York (NY) Public Library

“As part of the catalog transition, all information associated with your user account was transferred from the old system (Biblio­Commons) to NYPL on October 12, 2015. PLEASE NOTE that, unless you have already taken steps to deactivate your BiblioCommons account, you will still have an active BiblioCommons account. You should coordinate directly with BiblioCommons if you no longer want an account with them. Your interactions with the new catalog are covered by the NYPL Privacy Policy and not by the BiblioCommons Privacy Statement.”

Changes to the Online Catalog: Your Information and Privacy (October 12, 2015)

Oceanside (CA) Public Library

“C. Release of Information. 1. . . a. BiblioCommons, Inc. provides the Library’s online catalog. If a customer provides them with his or her Library card number, The Library will transmit certain data to them including name, birth date, and e-mail address.”

Policy Manual, 4.2 Confidentiality (November 25, 2013)

San Francisco Public Library

“Discovery Layer Interface . . . 13. . . . In acceptance of the BiblioCommons Terms of Use, a user agrees to abide by the Biblio­Commons Privacy Statement; users are advised to please read the BiblioCommons Terms of Use and Privacy Statement carefully . . . .” (multiple references)

Privacy Policy (January 1, 2015)

Whatcom County Library System, Bellingham, WA

“What staff may do: . . . At any time it is relevant, staff may show patrons how to register in BiblioCommons, access their account information online or via telephone messaging, use self-checkout, pay fines online, sign up for ELF notification, or any other self-service options.”

“What a patron may do: . . . When a patron would like information about their account, he or she may view it online via Biblio­Commons or ELF, access it via Telephone Messaging, or ask a staff member for assistance.”

Patron Confidentiality Administrative Procedure 501.01 (June 18, 2014)